<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
On 2022-10-19 17:10, Chris wrote:<br>
<blockquote type="cite"
cite="mid:73195cf3-6940-a2aa-2189-a89397250700@wcbsecurity.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p><font size="-1"><font face="Arial">You may want to check these
links:</font></font></p>
<p><font size="-1"><font face="Arial"><a
class="moz-txt-link-freetext"
href="https://gitlab.torproject.org/tpo/community/support/-/issues/40093"
moz-do-not-send="true">https://gitlab.torproject.org/tpo/community/support/-/issues/40093</a></font></font></p>
<p><font size="-1"><font face="Arial"><a
class="moz-txt-link-freetext"
href="https://github.com/Enkidu-6/tor-ddos"
moz-do-not-send="true">https://github.com/Enkidu-6/tor-ddos</a></font></font></p>
<p><font size="-1"><font face="Arial"><a
class="moz-txt-link-freetext"
href="https://github.com/toralf/torutils"
moz-do-not-send="true">https://github.com/toralf/torutils</a></font></font></p>
</blockquote>
<br>
Thank you for the reply and the links.<br>
From what I can understand those links concern "connections". I
believe my firewall rules handles that fine (they're based on
Toralf's example).<br>
<br>
My concern is about circuits. As I understand it one connection can
create many circuits. If the attacker keeps the connections down to
avoid being blacklisted they can create lots of circuits. And one
circuit created affects 3 relays.<br>
<br>
So what I'm looking for is a way to get the IP of big circuit
creators.<br>
I understand that many circuits will come from other relays but on
my guard relay I assume the attacker also connect directly. If I can
blacklist non-relays that create too many circuits I can help my
relay and those downstream.<br>
</body>
</html>